{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54257","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-30T12:06:44.516Z","datePublished":"2025-12-30T12:15:52.186Z","dateUpdated":"2026-05-11T19:58:28.596Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:58:28.596Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macb: fix a memory corruption in extended buffer descriptor mode\n\nFor quite some time we were chasing a bug which looked like a sudden\npermanent failure of networking and mmc on some of our devices.\nThe bug was very sensitive to any software changes and even more to\nany kernel debug options.\n\nFinally we got a setup where the problem was reproducible with\nCONFIG_DMA_API_DEBUG=y and it revealed the issue with the rx dma:\n\n[   16.992082] ------------[ cut here ]------------\n[   16.996779] DMA-API: macb ff0b0000.ethernet: device driver tries to free DMA memory it has not allocated [device address=0x0000000875e3e244] [size=1536 bytes]\n[   17.011049] WARNING: CPU: 0 PID: 85 at kernel/dma/debug.c:1011 check_unmap+0x6a0/0x900\n[   17.018977] Modules linked in: xxxxx\n[   17.038823] CPU: 0 PID: 85 Comm: irq/55-8000f000 Not tainted 5.4.0 #28\n[   17.045345] Hardware name: xxxxx\n[   17.049528] pstate: 60000005 (nZCv daif -PAN -UAO)\n[   17.054322] pc : check_unmap+0x6a0/0x900\n[   17.058243] lr : check_unmap+0x6a0/0x900\n[   17.062163] sp : ffffffc010003c40\n[   17.065470] x29: ffffffc010003c40 x28: 000000004000c03c\n[   17.070783] x27: ffffffc010da7048 x26: ffffff8878e38800\n[   17.076095] x25: ffffff8879d22810 x24: ffffffc010003cc8\n[   17.081407] x23: 0000000000000000 x22: ffffffc010a08750\n[   17.086719] x21: ffffff8878e3c7c0 x20: ffffffc010acb000\n[   17.092032] x19: 0000000875e3e244 x18: 0000000000000010\n[   17.097343] x17: 0000000000000000 x16: 0000000000000000\n[   17.102647] x15: ffffff8879e4a988 x14: 0720072007200720\n[   17.107959] x13: 0720072007200720 x12: 0720072007200720\n[   17.113261] x11: 0720072007200720 x10: 0720072007200720\n[   17.118565] x9 : 0720072007200720 x8 : 000000000000022d\n[   17.123869] x7 : 0000000000000015 x6 : 0000000000000098\n[   17.129173] x5 : 0000000000000000 x4 : 0000000000000000\n[   17.134475] x3 : 00000000ffffffff x2 : ffffffc010a1d370\n[   17.139778] x1 : b420c9d75d27bb00 x0 : 0000000000000000\n[   17.145082] Call trace:\n[   17.147524]  check_unmap+0x6a0/0x900\n[   17.151091]  debug_dma_unmap_page+0x88/0x90\n[   17.155266]  gem_rx+0x114/0x2f0\n[   17.158396]  macb_poll+0x58/0x100\n[   17.161705]  net_rx_action+0x118/0x400\n[   17.165445]  __do_softirq+0x138/0x36c\n[   17.169100]  irq_exit+0x98/0xc0\n[   17.172234]  __handle_domain_irq+0x64/0xc0\n[   17.176320]  gic_handle_irq+0x5c/0xc0\n[   17.179974]  el1_irq+0xb8/0x140\n[   17.183109]  xiic_process+0x5c/0xe30\n[   17.186677]  irq_thread_fn+0x28/0x90\n[   17.190244]  irq_thread+0x208/0x2a0\n[   17.193724]  kthread+0x130/0x140\n[   17.196945]  ret_from_fork+0x10/0x20\n[   17.200510] ---[ end trace 7240980785f81d6f ]---\n\n[  237.021490] ------------[ cut here ]------------\n[  237.026129] DMA-API: exceeded 7 overlapping mappings of cacheline 0x0000000021d79e7b\n[  237.033886] WARNING: CPU: 0 PID: 0 at kernel/dma/debug.c:499 add_dma_entry+0x214/0x240\n[  237.041802] Modules linked in: xxxxx\n[  237.061637] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W         5.4.0 #28\n[  237.068941] Hardware name: xxxxx\n[  237.073116] pstate: 80000085 (Nzcv daIf -PAN -UAO)\n[  237.077900] pc : add_dma_entry+0x214/0x240\n[  237.081986] lr : add_dma_entry+0x214/0x240\n[  237.086072] sp : ffffffc010003c30\n[  237.089379] x29: ffffffc010003c30 x28: ffffff8878a0be00\n[  237.094683] x27: 0000000000000180 x26: ffffff8878e387c0\n[  237.099987] x25: 0000000000000002 x24: 0000000000000000\n[  237.105290] x23: 000000000000003b x22: ffffffc010a0fa00\n[  237.110594] x21: 0000000021d79e7b x20: ffffffc010abe600\n[  237.115897] x19: 00000000ffffffef x18: 0000000000000010\n[  237.121201] x17: 0000000000000000 x16: 0000000000000000\n[  237.126504] x15: ffffffc010a0fdc8 x14: 0720072007200720\n[  237.131807] x13: 0720072007200720 x12: 0720072007200720\n[  237.137111] x11: 0720072007200720 x10: 0720072007200720\n[  237.142415] x9 : 0720072007200720 x8 : 0000000000000259\n[  237.147718] x7 : 0000000000000001 x6 : 0000000000000000\n[  237.15302\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/cadence/macb_main.c"],"versions":[{"version":"7b4296148066f19b5960127ba579e358df501c22","lessThan":"dd7a49a3eaf723a01b2fdf153f98450a82b0b0fe","status":"affected","versionType":"git"},{"version":"7b4296148066f19b5960127ba579e358df501c22","lessThan":"82e626af24683e01211abe66cec27a387f8f17c9","status":"affected","versionType":"git"},{"version":"7b4296148066f19b5960127ba579e358df501c22","lessThan":"7169d1638824c4bf7e0fe0baad381ddec861fa70","status":"affected","versionType":"git"},{"version":"7b4296148066f19b5960127ba579e358df501c22","lessThan":"1bec9da233f779e7b6954ee07ad7e6d8f2a4dd83","status":"affected","versionType":"git"},{"version":"7b4296148066f19b5960127ba579e358df501c22","lessThan":"7ccc58a1a75601c936069d4a0741940623990ade","status":"affected","versionType":"git"},{"version":"7b4296148066f19b5960127ba579e358df501c22","lessThan":"9412a9bf5952cdf5d0f736cc1e8c68fd366c2d47","status":"affected","versionType":"git"},{"version":"7b4296148066f19b5960127ba579e358df501c22","lessThan":"5dcf3a6843d0d7cc76960fbe8511d425f217744c","status":"affected","versionType":"git"},{"version":"7b4296148066f19b5960127ba579e358df501c22","lessThan":"e8b74453555872851bdd7ea43a7c0ec39659834f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/cadence/macb_main.c"],"versions":[{"version":"4.13","status":"affected"},{"version":"0","lessThan":"4.13","status":"unaffected","versionType":"semver"},{"version":"4.14.313","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.281","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.241","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.178","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.108","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.25","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.12","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"4.14.313"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"4.19.281"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.4.241"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.10.178"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.15.108"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.1.25"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.2.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/dd7a49a3eaf723a01b2fdf153f98450a82b0b0fe"},{"url":"https://git.kernel.org/stable/c/82e626af24683e01211abe66cec27a387f8f17c9"},{"url":"https://git.kernel.org/stable/c/7169d1638824c4bf7e0fe0baad381ddec861fa70"},{"url":"https://git.kernel.org/stable/c/1bec9da233f779e7b6954ee07ad7e6d8f2a4dd83"},{"url":"https://git.kernel.org/stable/c/7ccc58a1a75601c936069d4a0741940623990ade"},{"url":"https://git.kernel.org/stable/c/9412a9bf5952cdf5d0f736cc1e8c68fd366c2d47"},{"url":"https://git.kernel.org/stable/c/5dcf3a6843d0d7cc76960fbe8511d425f217744c"},{"url":"https://git.kernel.org/stable/c/e8b74453555872851bdd7ea43a7c0ec39659834f"}],"title":"net: macb: fix a memory corruption in extended buffer descriptor mode","x_generator":{"engine":"bippy-1.2.0"}}}}